On Wed, Nov 26, 2008 at 9:52 PM, Igor Stasenko <siguctua at gmail.com> wrote:
> It's easy to show that access modifiers or class sealing is not the
> answer to security.
> Simply do not give away object references to untrusted code which
> would allow it to operate directly with critical system resources.
>
> In short, the principle is very simple: you can't break things which you
> cannot reach or see.

Yes, and also as I just wrote in another post, it's a mistake to even
expect that access modifiers are there to provide security (despite
some unfortunate examples in mainstream literature). They are
artifacts that work at completely different architectural levels.
Access modifiers are there to ensure certain invariants about the
code. Thus they are a code-level trust structuring mechanism, not
object-level trust structuring that capabilities build.

Cheers,
--Vassili
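
The distinction drawn in this exchange, as an added JavaScript sketch that is not part of either poster's message: the same log object is handed to untrusted code once directly, where the "private" marking does nothing, and once as an append-only, revocable facet. `AuditLog`, `makeAppendOnlyFacet`, `makeRevocable` and `untrustedPlugin` are hypothetical names constructed for illustration.

```javascript
'use strict';
// Access-modifier style: "_entries" is private by convention only; any code
// holding the object can still reach the store and every method on it.
class AuditLog {
  constructor() { this._entries = []; }
  append(msg) { this._entries.push(String(msg)); }
  entries() { return this._entries.slice(); }
  clear() { this._entries.length = 0; } // destructive operation
}

// Capability style: the untrusted side receives a frozen facet that closes
// over the log and exposes append() only. The log itself is unreachable.
function makeAppendOnlyFacet(log) {
  return Object.freeze({ append: (msg) => { log.append(msg); } });
}

// Revocable forwarder: the grantor keeps revoke() and can cut access later.
function makeRevocable(facet) {
  let target = facet;
  const proxy = Object.freeze({
    append: (msg) => {
      if (target === null) throw new Error('revoked');
      target.append(msg);
    },
  });
  return { proxy, revoke: () => { target = null; } };
}

// Hypothetical untrusted plugin (constructed): uses whatever it can reach
// on the reference it was given, then reports the keys it could see.
function untrustedPlugin(cap) {
  cap.append('plugin started');
  if (typeof cap.clear === 'function') cap.clear();
  if (Array.isArray(cap._entries)) cap._entries.length = 0;
  return Reflect.ownKeys(cap).map(String);
}

function demo() {
  const direct = new AuditLog();
  direct.append('boot');
  untrustedPlugin(direct); // real object handed over: log gets wiped
  const guarded = new AuditLog();
  guarded.append('boot');
  const { proxy, revoke } = makeRevocable(makeAppendOnlyFacet(guarded));
  const reached = untrustedPlugin(proxy); // only append() is reachable
  revoke();
  let afterRevoke = 'allowed';
  try { proxy.append('late'); } catch (e) { afterRevoke = e.message; }
  return { direct: direct.entries(), guarded: guarded.entries(), reached, afterRevoke };
}
console.log(demo());
```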